TODAY'S TOP 5
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
ANOTHER CHINA TELECOM HACKING GROUP: CrowdStrike has identified a brand-new China-linked cyber-espionage operation that is infiltrating telecommunications networks, Axios reports. The group, which CrowdStrike is calling Liminal Panda, has also built custom hacking tools that abuse the industry's interoperability features, the links that let carriers route calls to one another, to pivot from one compromised provider into additional telecommunications entities.
TRANSPORTATION CYBER REGS HEARING: House Republicans and representatives from the rail and pipeline industries criticized what they say are overly onerous security regulations during a Tuesday hearing that could be a preview of how cyber rules are handled in the Trump administration, CyberScoop reports. The House Homeland Security Subcommittee on Transportation and Maritime Security hearing focused on the business impact of Transportation Security Administration emergency directives issued weeks after a ransomware hack forced Colonial Pipeline to take offline nearly half of the gasoline and jet fuel on the East Coast.
‘MANHATTAN PROJECT’ FOR AI?: A U.S. congressional commission proposed a “Manhattan Project-like” initiative for the funding of artificial intelligence (AI) development in a larger push to stay ahead of China’s technological advancements, The Hill reports. The recommendations, issued Tuesday by the bipartisan U.S.-China Economic and Security Review Commission (USCC), call for Congress to yield “broad multiyear contracting authority” to the executive branch to contract with AI, cloud and data center companies for AI development.
UNDERSEA CABLES SEVERED: A 730-mile telecommunications cable between Finland and Germany was severed in the early hours of Monday, while a 136-mile internet link between Lithuania and Sweden's Gotland Island stopped working on Sunday, BBC reports. German Defence Minister Boris Pistorius said “nobody believes that these cables were cut accidentally.”
AUSTRALIA ASSESSES INFRASTRUCTURE RISK: Australia faces the most complex and challenging strategic environment since the Second World War, extending to the cyber threat landscape, the Australian Signals Directorate’s Australian Cyber Security Centre said in its 2023-24 Annual Cyber Threat Report. In FY2023-24, ASD received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12% from the previous financial year. ASD also responded to over 1,100 cybersecurity incidents and notified entities more than 930 times of potential malicious activity on their networks.
CYBER FOCUS PODCAST
NEW: In the latest episode of Cyber Focus, host Frank Cilluffo sits down with former Deputy Assistant National Cyber Director Cheri Caddy, a McCrary senior fellow and senior technical advisor at the Department of Energy. They discuss the cybersecurity challenges surrounding connected vehicles, examining how modern cars are effectively "computers on wheels" and the broader implications for privacy, data security and national security. Cheri highlights the convergence of IT and OT systems in vehicles, the need for cyber-informed engineering and the importance of regulatory harmonization in addressing these challenges.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
FROM McCRARY EXPERTS
How to remove the cybersecurity gridlock from the nation’s energy lifelines
Sachin Bansal and McCrary senior fellow Brian Harrell argue that while the U.S. government is spearheading efforts with industry leaders and international partners to fortify cybersecurity defenses, there is an urgent need for a unified approach from both the public and private sectors. (CYBERSCOOP.COM)
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
Ford investigating potential breach after hackers claim data theft
The notorious hacker IntelBroker and a hacker called EnergyWeaponUser said in a post on the BreachForums cybercrime forum that they obtained 44,000 customer records, including names, physical addresses, and information on product acquisitions. A data sample made public by the hackers indicates that ‘customers’ may not refer to end users, but rather to dealerships that sell Ford vehicles. (SECURITYWEEK.COM)
Healthcare org Equinox notifies 21K patients and staff of data theft
Adding insult to injury, it appears the LockBit ransomware gang – which was supposed to have been shut down at the time of the incident – may be to blame. Equinox provides mental health and addiction services, domestic violence support, food and housing, and other community services for kids, adults, and families in New York state's capital region. (THEREGISTER.COM)
Fintech giant Finastra investigating data breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. (KREBSONSECURITY.COM)
Hacker downloaded sealed damaging testimony against Matt Gaetz, attorney says
Files containing statements from witnesses who gave damaging testimony against Matt Gaetz, the former Congressman and President Donald Trump's pick for U.S. Attorney General, were hacked on Monday, attorneys say. The hacked files include an unredacted deposition of a woman who reportedly had sex with Gaetz when she was 17 years old. (PENSACOLA NEWS JOURNAL/YAHOO.COM)
Malware
Apple confirms zero-day attacks hitting macOS systems
The vulnerabilities, credited to Google’s TAG (Threat Analysis Group), are being actively exploited on Intel-based macOS systems, Apple confirmed in an advisory released on Tuesday. As is customary, Apple’s security response team did not provide any details on the reported attacks or indicators of compromise (IOCs) to help defenders hunt for signs of infections. (SECURITYWEEK.COM)
Ngioweb botnet fuels NSOCKS residential proxy network exploiting IoT devices
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at Lumen Technologies said in a report. "Two-thirds of these proxies are based in the U.S." (THEHACKERNEWS.COM)
Phishing
Phishing scheme led to $2.2 million taken from Grand Forks Public Schools
Grand Forks Public Schools and the Grand Forks Police Department have provided few details on the crime or the ongoing investigation. The Secret Service is assisting with the investigation. GFPS Superintendent Terry Brenner said that the district’s IT director had told Brenner the scam was the “most sophisticated cybercrime he’s ever experienced.” (GRANDFORKSHERALD.COM)
Piracy
Hackers hijack unsecured Jupyter notebooks to stream illegal sports broadcasts
The attacks involve hijacking unauthenticated Jupyter Notebooks to establish initial access, followed by a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report. The covert piracy campaign within interactive environments widely used for data science applications was discovered by the cloud security firm following an attack against its honeypots. (THEHACKERNEWS.COM)
Ransomware
New 'Helldown' ransomware variant expands attacks to VMware and Linux systems
Helldown was first publicly documented by Halcyon in mid-August 2024, describing it as an "aggressive ransomware group" that infiltrates target networks by exploiting security vulnerabilities. Some of the prominent sectors targeted by the cybercrime group include IT services, telecommunications, manufacturing, and healthcare. (THEHACKERNEWS.COM)
Recovery
Companies take over seven months to recover from cyber incidents
Recovery times are expected to be even longer (8.14 months) for organizations planning to decrease their cybersecurity investment, according to new data from Fastly. The gap between perception and reality (34%) is also greater, with these firms actually taking 10.88 months on average to recover. (INFOSECURITY-MAGAZINE.COM)
Scams
'Scam yourself' attacks just increased over 600% - here's what to look for
Most people are keeping a close eye out for online scams these days, but if you're not careful, you might do the scammers' work for them. A new study from Gen, the company behind cybersecurity brands like Norton, Avast, LifeLock, AVG, ReputationDefender, and CCleaner, shines some light on "scam yourself" attacks that are on the rise dramatically. Instead of using other nefarious methods, these scams rely on social engineering to get people to download malware themselves. (ZDNET.COM)
THREATS
Critical infrastructure
CISA releases Venue Guide for Security Considerations
The Cybersecurity and Infrastructure Security Agency (CISA) released a new Venue Guide for Security Considerations to help venue operators enhance safety, protect assets and create secure environments through effective security measures and best practices. (CISA.GOV)
Ransomware
Ransomware gangs on recruitment drive for pen testers
Threat actors are actively seeking pen testers to join various ransomware affiliate programs, including Apos, Lynx and Rabbit Hole, according to the findings from Cato Networks’ Cato Cyber Threats Research Lab (CTRL) in its new Q3 2024 Cato CTRL SASE Threat Report. Multiple Russian-language job listings have been discovered following the firm’s monitoring of discussions on the Russian Anonymous Marketplace (RAMP). (INFOSECURITY-MAGAZINE.COM)
Resilience
How can cities keep nonprofit groups cyber secure?
Food banks, homeless shelters, afterschool art programs, advocacy — nonprofit organizations offer critical services, but they also face steep challenges defending themselves against cyber attackers. With this in mind, a new study asks whether cities can do more to help with cybersecurity for nonprofits. (GOVTECH.COM)
Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security
Under the program, Microsoft will double the bounty rewards for eligible AI vulnerabilities from Nov. 19, 2024, to Jan. 19, 2025, and give researchers direct access to the company’s dedicated AI engineers and the AI Red Team, which specializes in probing AI systems for potential security flaws. The initiative is part of Microsoft’s broader Secure Future Initiative, launched to pre-emptively address security vulnerabilities across its extensive suite of products and services. (CYBERSCOOP.COM)
Vulnerabilities
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
LoadMaster is an application delivery controller (ADC) and load-balancing solution used by large organizations to optimize app performance, manage network traffic, and ensure high service availability. CISA ordered federal organizations using the product to apply the available updates and mitigations until December 9, 2024, or stop using it. (BLEEPINGCOMPUTER.COM)
Critical Windows Kerberos flaw exposes millions of servers to attack
The vulnerability is tracked as CVE-2024-43639 and has a CVSS score of 9.8 (critical severity). If left unpatched, it could lead to drastic consequences for organizations of all sizes, including data theft, system disruption, and even complete system compromise. The vulnerability is particularly concerning due to the widespread use of Windows Server and the ease with which attackers can exploit it. (HACKREAD.COM)
Oracle warns of Agile PLM file disclosure flaw exploited in attacks
While Oracle stated that the flaw was disclosed by Joel Snape and Lutz Wolf of CrowdStrike, the advisory did not indicate that it was actively exploited. However, a later blog post by Oracle's Vice President of Security Assurance, Eric Maurice, confirmed that it was exploited in attacks. (BLEEPINGCOMPUTER.COM)
D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
The flaw was discovered and reported to D-Link by security researcher 'delsploit,' but technical details have been withheld from the public to avoid triggering mass exploitation attempts in the wild. The vulnerability, which does not have a CVE assigned to it yet, impacts all hardware and firmware revisions of DSR-150 and DSR-150N, and also DSR-250 and DSR-250N from firmware 3.13 to 3.17B901C. (BLEEPINGCOMPUTER.COM)
ADVERSARIES
China
U.S. Coast Guard issues MARSEC Directive 105-5 for Chinese-made STS cranes amid rising security concerns
The MARSEC Directive 105-5 addresses the dominance of STS cranes from PRC companies, which constitute the largest share of the global STS crane market and nearly 80 percent of those at U.S. ports. These cranes, designed for remote control, servicing, and programming, are susceptible to exploitation, posing a threat to the maritime components of the national transportation system. (INDUSTRIALCYBER.CO)
Russia
What is hybrid warfare, which some fear Russia will use after Ukraine’s strike?
Over recent years, European nations have witnessed a spate of incidents – cyber-attacks, arson, incendiary devices, sabotage and even murder plots. The aim of such episodes, security officials believe, is to sow chaos, exacerbate social tensions among Ukraine’s allies and disrupt military supplies to Kyiv. (THEGUARDIAN.COM)
GOVERNMENT AND INDUSTRY
Artificial intelligence
Chief data officers call for governmentwide AI strategy
Chief data officers (CDOs) are calling for a more coordinated strategy across the federal government — especially regarding artificial intelligence (AI). A new survey, Five Years of Progress and the Road Ahead: Insights from the 2024 Survey of Federal Chief Data Officers, performed by the Data Foundation and Deloitte, examines the changing role of CDOs since the passage of the Foundations for Evidence-Based Policymaking Act. (GOVTECH.COM)
The U.S. Patent and Trademark Office banned staff from using generative AI
The US Patent and Trademark Office banned the use of generative artificial intelligence for any purpose last year, citing security concerns with the technology as well as the propensity of some tools to exhibit “bias, unpredictability, and malicious behavior,” according to an April 2023 internal guidance memo obtained by WIRED through a public records request. (WIRED.COM)
USDA invests in AI, funding a pilot program for Michigan
With rural communities often facing significant resource constraints, this initiative aims to level the playing field by providing AI-powered tools to identify and secure much-needed funding. Six communities in Michigan will be selected for a pilot program to test and refine this innovative technology. The $100,000 grant funding the pilot is part of a rural business-cooperative service agreement. (GOVTECH.COM)
Trust and security are top concerns in the public sector’s use of generative AI, survey says
The AWS report found that 89% of participants said it was somewhat or critically important for their institutions to embrace GenAI, even as they also acknowledged limitations with the broader deployment of the tools across their organizations. Sixty-four percent of those surveyed said it had been difficult for their employers to adopt the capabilities, with only 28% of respondents reporting that GenAI “is already integrated or broadly used across their organization.” (NEXTGOV.COM)
Las Vegas sheriff tells a16z partners what’s next on his wish list: AI for bodycams
The sheriff wants to use AI to blur faces or obscure sensitive information from body camera footage. Kevin McMahill also said he wants to use AI to help officers sift through the reams of information they receive when they subpoena cell phone tower data during investigations. (TECHCRUNCH.COM)
Why Georgia is drafting an AI ethics framework
Nikhil Deshpande, Georgia’s chief digital and artificial intelligence officer, said the state is currently developing its ethical AI guidelines with help from an expert: Rose Procter, executive director of the TRUIST Center for Ethical Leadership at the University of North Georgia. (STATESCOOP.COM)
The dawn of AIoE: Artificial Intelligence of Everything
Cisco coined the term Internet of Everything in 2013 and later expanded it to the Internet of Things. While IoT focuses on the connectivity between devices, IoE encompasses a broader scope, including devices, people, processes and data — all interconnected to create more intelligent and responsive systems. A decade later, embracing the term Artificial Intelligence of Everything, or AIoE, seems appropriate, a significant evolutionary phenomenon. (STATETECHMAGAZINE.COM)
Critical infrastructure
DHS seeks public input on pipeline security measures and inspections in 60-day comment period
When it comes to voluntary collection, as the lead federal agency for pipeline security and consistent with its statutory authorities, TSA needs to be notified of all incidents that may indicate a deliberate attempt to disrupt pipeline operations and activities that could be precursors to such an attempt. The Pipeline Security Guidelines encourage pipeline operators to notify the Transportation Security Operations Center via phone or email as soon as possible if incidents occur or if there is other reason to believe that a terrorist incident may be planned or may have occurred. (INDUSTRIALCYBER.CO)
Healthcare
Health system CIOs' strategic responsibilities continue to evolve
The typical chief information officer in healthcare is taking on more responsibility for determining strategy and digital transformation, with 84% of CIOs now part of their organization's executive leadership team. That's just one stat from a recent WittKieffer survey of CIOs and chief digital officers that also found the majority (54%) are reporting directly to the CEO. (HEALTHCAREITNEWS.COM)
New HSCC playbook empowers medical product manufacturers to tackle cyber incidents effectively
The detailed guide offers step-by-step recommendations and processes for medical product manufacturers to handle cyber incidents. It aids in developing a robust cyber incident response plan, detailing procedures for detecting, investigating, eradicating, and recovering from cyber threats. Additionally, the HSCC playbook identifies industry and government partners for information sharing, incident analysis, mitigation support, and coordinated communication with customers and the public during incidents. (INDUSTRIALCYBER.CO)
Utah Legislature working on guidelines for artificial intelligence in mental health care
Artificial Intelligence could be your next therapist. The Utah Legislature is looking at recommendations and ultimately deciding whether to create new laws and policies. The director of the Utah Office of Artificial Intelligence Policy, Zachary Boyd, said several professionals already use AI in their practices. “We don’t think that the industry’s really proven what the best approaches are going to be yet,” he said. “But we’re seeing lots of companies starting to go into this area and try things.” (KSLNEWSRADIO.COM)
IT
Dell and Iron Bow agree to pay $4.3M to resolve False Claims Act allegations relating to submitting non-competitive bids to the Army
The settlements resolve allegations that from May 2020 to April 2024, Dell operated a deal registration program, whereby it gave advantageous pricing to Iron Bow to sell certain Dell computer hardware products to the Army in response to solicitations under the AMDC-3 contract. (JUSTICE.GOV)
Government-wide guidance on handling data could improve civil rights and civil liberties protections, GAO says
Emerging technologies—like facial recognition or AI—have rapidly increased the amount of personally identifiable information federal agencies collect, share, and use. This report examines how agencies protect the public's civil rights and civil liberties while using personal data. Some agencies have policies and procedures to guide them in these efforts. But the specifics differ across agencies because there are no government-wide laws or guidance. (GAO.GOV)
VA approach to automated software testing is rooted in flexibility and efficiency
The Department of Veterans Affairs, serving a population of over 15 million veterans, takes a flexible approach to automated software testing. The agency operates a multitude of applications in multiple stages of the lifecycle, from cutting edge to legacy, some of which have 800 web pages. The VA relies on a quality assurance operations team to manage testing of these applications, using a homegrown tool that has been enhanced over the last decade. (FEDERALNEWSNETWORK.COM)
LEGISLATIVE UPDATES
Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules
The suggestion to act immediately from Sen. Richard Blumenthal, D-Conn., comes in response to Chinese hackers known as Salt Typhoon, targeting the phones of both 2024 presidential campaigns via the so-called “lawful access” program, which mandates that telecoms assist the U.S. government in its surveillance efforts. The hacking campaign has spurred considerable congressional interest. (CYBERSCOOP.COM)
Bipartisan quantum funding bill advances from committee
The Department of Energy Quantum Leadership Act of 2024 — a bipartisan bill authored by Sens. Dick Durbin, D-Ill., and Steve Daines, R-Mont. — contains multiple provisions related to quantum technology and sciences research, namely funding federal efforts in quantum networking research and development, establishing domestic foundry programs and conducting industry outreach efforts. (NEXTGOV.COM)
Bipartisan Senate bill targets supply chain threats from foreign adversaries
The Federal Acquisition Security Council Improvement Act from Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., is aimed at better combating security threats posed by technology products made by companies with ties to foreign adversaries, most notably China. (CYBERSCOOP.COM)
House passes veterans’ package without EHR accountability measures
The bill, known as the Senator Elizabeth Dole 21st Century Veterans Healthcare and Benefits Improvement Act, was rolled out with the backing of the bipartisan leaders of the House and Senate Veterans’ Affairs committees. The proposal cleared the House in a 389-9 vote. When first introduced in May by Rep. Juan Ciscomani, R-Ariz., the package included an entire section focused on proposals designed to improve VA’s beleaguered rollout of its new Oracle Cerner EHR system. (NEXTGOV.COM)
VETERANS AFFAIRS HEARING: On Nov. 20 at 9 a.m., the House Veterans Affairs Subcommittee on Technology Modernization will hold an oversight hearing on “VA Cybersecurity: Protecting Veteran Data from Evolving Threats.”
WORLDWIDE THREATS HEARINGS: On Nov. 20 at 10 a.m., the House Homeland Security Committee will hold a hearing to review global threats with agency leaders.
On Nov. 21, the Senate Homeland Security and Governmental Affairs Committee will also hear from agency leaders in a hearing to review current threats to the homeland.
EVENTS
CYBERSECURITY FUTURES FORUM: This cybersecurity conference on Nov. 20 in Tysons Corner, Va., hosted by GovExec’s Nextgov/FCW, Defense One and Washington Technology, will feature leaders from federal and defense sectors to tackle pressing cybersecurity challenges. Mainstage discussions will focus on proactive measures, regulatory updates and emerging cybersecurity standards essential for operational readiness.
OPERATIONAL TECHNOLOGY: Join government leaders and industry experts on Dec. 3 in Washington, D.C., to explore advanced strategies for protecting U.S. operational technology and critical infrastructure and understand the biggest threats facing these sectors today.
MARITIME CYBERSECURITY: The National Maritime Security Advisory Committee will conduct a virtual meeting Dec. 3 to discuss new Committee taskings on Cybersecurity Regulation Implementation, Regulatory/Navigation and Vessel Inspection Circular Revisions, and Homeport Modernization.